SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)

High Nessus Plugin ID 120118

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)

CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896).

CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)

CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)

CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)

CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)

CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)

CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)

CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)

CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)

CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748)

CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748)

CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch SUSE-SLE-Product-WE-15-2018-2120=1

SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-2120=1

SUSE Linux Enterprise Module for Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2120=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2120=1

SUSE Linux Enterprise High Availability 15:zypper in -t patch SUSE-SLE-Product-HA-15-2018-2120=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1043912

https://bugzilla.suse.com/show_bug.cgi?id=1044189

https://bugzilla.suse.com/show_bug.cgi?id=1046302

https://bugzilla.suse.com/show_bug.cgi?id=1046306

https://bugzilla.suse.com/show_bug.cgi?id=1046307

https://bugzilla.suse.com/show_bug.cgi?id=1046543

https://bugzilla.suse.com/show_bug.cgi?id=1050244

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1054914

https://bugzilla.suse.com/show_bug.cgi?id=1055014

https://bugzilla.suse.com/show_bug.cgi?id=1055117

https://bugzilla.suse.com/show_bug.cgi?id=1058659

https://bugzilla.suse.com/show_bug.cgi?id=1060463

https://bugzilla.suse.com/show_bug.cgi?id=1064232

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1069138

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1077761

https://bugzilla.suse.com/show_bug.cgi?id=1077989

https://bugzilla.suse.com/show_bug.cgi?id=1078720

https://bugzilla.suse.com/show_bug.cgi?id=1080157

https://bugzilla.suse.com/show_bug.cgi?id=1082555

https://bugzilla.suse.com/show_bug.cgi?id=1083647

https://bugzilla.suse.com/show_bug.cgi?id=1083663

https://bugzilla.suse.com/show_bug.cgi?id=1084332

https://bugzilla.suse.com/show_bug.cgi?id=1085042

https://bugzilla.suse.com/show_bug.cgi?id=1085262

https://bugzilla.suse.com/show_bug.cgi?id=1086282

https://bugzilla.suse.com/show_bug.cgi?id=1089663

https://bugzilla.suse.com/show_bug.cgi?id=1090528

https://bugzilla.suse.com/show_bug.cgi?id=1092903

https://bugzilla.suse.com/show_bug.cgi?id=1093389

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1095344

https://bugzilla.suse.com/show_bug.cgi?id=1096748

https://bugzilla.suse.com/show_bug.cgi?id=1097105

https://bugzilla.suse.com/show_bug.cgi?id=1098459

https://bugzilla.suse.com/show_bug.cgi?id=1098822

https://bugzilla.suse.com/show_bug.cgi?id=1099922

https://bugzilla.suse.com/show_bug.cgi?id=1099999

https://bugzilla.suse.com/show_bug.cgi?id=1100000

https://bugzilla.suse.com/show_bug.cgi?id=1100001

https://bugzilla.suse.com/show_bug.cgi?id=1100132

https://bugzilla.suse.com/show_bug.cgi?id=1101557

https://bugzilla.suse.com/show_bug.cgi?id=1101669

https://bugzilla.suse.com/show_bug.cgi?id=1102346

https://bugzilla.suse.com/show_bug.cgi?id=1102870

https://bugzilla.suse.com/show_bug.cgi?id=1102875

https://bugzilla.suse.com/show_bug.cgi?id=1102877

https://bugzilla.suse.com/show_bug.cgi?id=1102879

https://bugzilla.suse.com/show_bug.cgi?id=1102882

https://bugzilla.suse.com/show_bug.cgi?id=1102896

https://bugzilla.suse.com/show_bug.cgi?id=1103363

https://bugzilla.suse.com/show_bug.cgi?id=1103387

https://bugzilla.suse.com/show_bug.cgi?id=1103421

https://bugzilla.suse.com/show_bug.cgi?id=1103948

https://bugzilla.suse.com/show_bug.cgi?id=1103949

https://bugzilla.suse.com/show_bug.cgi?id=1103961

https://bugzilla.suse.com/show_bug.cgi?id=1104172

https://bugzilla.suse.com/show_bug.cgi?id=1104353

https://bugzilla.suse.com/show_bug.cgi?id=1104824

https://bugzilla.suse.com/show_bug.cgi?id=1105247

https://bugzilla.suse.com/show_bug.cgi?id=1105524

https://bugzilla.suse.com/show_bug.cgi?id=1105536

https://bugzilla.suse.com/show_bug.cgi?id=1105597

https://bugzilla.suse.com/show_bug.cgi?id=1105603

https://bugzilla.suse.com/show_bug.cgi?id=1105672

https://bugzilla.suse.com/show_bug.cgi?id=1105907

https://bugzilla.suse.com/show_bug.cgi?id=1106007

https://bugzilla.suse.com/show_bug.cgi?id=1106016

https://bugzilla.suse.com/show_bug.cgi?id=1106105

https://bugzilla.suse.com/show_bug.cgi?id=1106121

https://bugzilla.suse.com/show_bug.cgi?id=1106170

https://bugzilla.suse.com/show_bug.cgi?id=1106178

https://bugzilla.suse.com/show_bug.cgi?id=1106191

https://bugzilla.suse.com/show_bug.cgi?id=1106229

https://bugzilla.suse.com/show_bug.cgi?id=1106230

https://bugzilla.suse.com/show_bug.cgi?id=1106231

https://bugzilla.suse.com/show_bug.cgi?id=1106233

https://bugzilla.suse.com/show_bug.cgi?id=1106235

https://bugzilla.suse.com/show_bug.cgi?id=1106236

https://bugzilla.suse.com/show_bug.cgi?id=1106237

https://bugzilla.suse.com/show_bug.cgi?id=1106238

https://bugzilla.suse.com/show_bug.cgi?id=1106240

https://bugzilla.suse.com/show_bug.cgi?id=1106291

https://bugzilla.suse.com/show_bug.cgi?id=1106297

https://bugzilla.suse.com/show_bug.cgi?id=1106333

https://bugzilla.suse.com/show_bug.cgi?id=1106369

https://bugzilla.suse.com/show_bug.cgi?id=1106426

https://bugzilla.suse.com/show_bug.cgi?id=1106427

https://bugzilla.suse.com/show_bug.cgi?id=1106464

https://bugzilla.suse.com/show_bug.cgi?id=1106509

https://bugzilla.suse.com/show_bug.cgi?id=1106511

https://bugzilla.suse.com/show_bug.cgi?id=1106594

https://bugzilla.suse.com/show_bug.cgi?id=1106636

https://bugzilla.suse.com/show_bug.cgi?id=1106688

https://bugzilla.suse.com/show_bug.cgi?id=1106697

https://bugzilla.suse.com/show_bug.cgi?id=1106743

https://bugzilla.suse.com/show_bug.cgi?id=1106779

https://bugzilla.suse.com/show_bug.cgi?id=1106800

https://bugzilla.suse.com/show_bug.cgi?id=1106890

https://bugzilla.suse.com/show_bug.cgi?id=1106891

https://bugzilla.suse.com/show_bug.cgi?id=1106892

https://bugzilla.suse.com/show_bug.cgi?id=1106893

https://bugzilla.suse.com/show_bug.cgi?id=1106894

https://bugzilla.suse.com/show_bug.cgi?id=1106896

https://bugzilla.suse.com/show_bug.cgi?id=1106897

https://bugzilla.suse.com/show_bug.cgi?id=1106898

https://bugzilla.suse.com/show_bug.cgi?id=1106899

https://bugzilla.suse.com/show_bug.cgi?id=1106900

https://bugzilla.suse.com/show_bug.cgi?id=1106901

https://bugzilla.suse.com/show_bug.cgi?id=1106902

https://bugzilla.suse.com/show_bug.cgi?id=1106903

https://bugzilla.suse.com/show_bug.cgi?id=1106905

https://bugzilla.suse.com/show_bug.cgi?id=1106906

https://bugzilla.suse.com/show_bug.cgi?id=1106948

https://bugzilla.suse.com/show_bug.cgi?id=1106995

https://bugzilla.suse.com/show_bug.cgi?id=1107008

https://bugzilla.suse.com/show_bug.cgi?id=1107060

https://bugzilla.suse.com/show_bug.cgi?id=1107061

https://bugzilla.suse.com/show_bug.cgi?id=1107065

https://bugzilla.suse.com/show_bug.cgi?id=1107073

https://bugzilla.suse.com/show_bug.cgi?id=1107074

https://bugzilla.suse.com/show_bug.cgi?id=1107078

https://bugzilla.suse.com/show_bug.cgi?id=1107265

https://bugzilla.suse.com/show_bug.cgi?id=1107319

https://bugzilla.suse.com/show_bug.cgi?id=1107320

https://bugzilla.suse.com/show_bug.cgi?id=1107522

https://bugzilla.suse.com/show_bug.cgi?id=1107535

https://bugzilla.suse.com/show_bug.cgi?id=1107689

https://bugzilla.suse.com/show_bug.cgi?id=1107735

https://bugzilla.suse.com/show_bug.cgi?id=1107756

https://bugzilla.suse.com/show_bug.cgi?id=1107870

https://bugzilla.suse.com/show_bug.cgi?id=1107924

https://bugzilla.suse.com/show_bug.cgi?id=1107945

https://bugzilla.suse.com/show_bug.cgi?id=1107966

https://bugzilla.suse.com/show_bug.cgi?id=1108010

https://bugzilla.suse.com/show_bug.cgi?id=1108093

https://bugzilla.suse.com/show_bug.cgi?id=1108243

https://bugzilla.suse.com/show_bug.cgi?id=1108520

https://bugzilla.suse.com/show_bug.cgi?id=1108870

https://bugzilla.suse.com/show_bug.cgi?id=1109269

https://bugzilla.suse.com/show_bug.cgi?id=1109511

https://bugzilla.suse.com/show_bug.cgi?id=920344

https://www.suse.com/security/cve/CVE-2018-10938/

https://www.suse.com/security/cve/CVE-2018-10940/

https://www.suse.com/security/cve/CVE-2018-1128/

https://www.suse.com/security/cve/CVE-2018-1129/

https://www.suse.com/security/cve/CVE-2018-12896/

https://www.suse.com/security/cve/CVE-2018-13093/

https://www.suse.com/security/cve/CVE-2018-13094/

https://www.suse.com/security/cve/CVE-2018-13095/

https://www.suse.com/security/cve/CVE-2018-14613/

https://www.suse.com/security/cve/CVE-2018-14617/

https://www.suse.com/security/cve/CVE-2018-16658/

https://www.suse.com/security/cve/CVE-2018-6554/

https://www.suse.com/security/cve/CVE-2018-6555/

http://www.nessus.org/u?f2ea94df

Plugin Details

Severity: High

ID: 120118

File Name: suse_SU-2018-2980-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2019/01/02

Updated: 2019/01/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2018/10/02

Reference Information

CVE: CVE-2018-10938, CVE-2018-10940, CVE-2018-1128, CVE-2018-1129, CVE-2018-12896, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14613, CVE-2018-14617, CVE-2018-16658, CVE-2018-6554, CVE-2018-6555